Recently there have been a number of so-called “denial-of-service” attacks on servers of various WWW sites, or simply “web” sites. These attacks overwhelm the server with maliciously-generated traffic whose only purpose is to temporarily shut down the server, and, hence, the web site. As can be appreciated, even a temporary suspension of service in a high volume commercial web site can result in a significant loss of revenue to the operator of the web site.
When a denial-of-service attack occurs it is desirable be able to trace the attack back to the machine (or machines) where the attack originated. However, the attacker may attempt to obscure the identity of the source of the attack. A need thus exists to provide a network with an ability to determine a source or sources of maliciously-generated traffic.